Problem description

A vulnerability was found by the Google Security Team with how OpenSSL
checked the verification of certificates. An attacker in control of a
malicious server or able to effect a man-in-the-middle attack, could
present a malformed SSL/TLS signature from a certificate chain to a
vulnerable client, which would then bypass the certificate validation
(CVE-2008-5077).